PramoIT

outlook anywhere internal hostname

Hi,

We have an Exchange 2010 server. We have renewed our certificates. Because internal server names can't be included in the certificates anymore, we have changed the internal hostnames for OWA, ECP, OAB etc. But we can't change the internal hostname for Outlook Anywhere.

Now the clients keep getting a certificate mismatch error after starting Outlook.

I was trying to change the internal hostname with the following command.

Set-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" -InternalHostname mail.mydomain.com -InternalClientsRequireSsl $true

A positional parameter cannot be found that accepts argument '-InternalHostname'.
   + CategoryInfo          : InvalidArgument: (:) [Set-OutlookAnywhere], ParameterBindingException
   + FullyQualifiedErrorId : PositionalParameterNotFound,Set-OutlookAnywhere

Any help is appreciated.

Regards

Last Comment
PramoIT

8/22/2022 - Mon
Ivan

Hi,

You should first create a DNS zone for your public name, e.g. mydomain.com, and point the mail record to your Exchange server, its internal IP address, so that internal clients connect directly to it.

After that you should reconfigure AutoDiscover for internal clients:
Set-ClientAccessServer -Identity Servername -AutoDiscoverServiceInternalUri https://mail.mydomain.com/Autodiscover/Autodiscover.xml

To check current AutoDiscover settings:
Get-ClientAccessServer |fl identity,autodiscoverserviceinternaluri

Change WebServices as well.
To check current setting:
Get-WebServicesVirtualDirectory |fl identity,internalurl

To reconfigure it:
Set-WebServicesVirtualDirectory -Identity "Hostname\EWS (Default Web Site)" -InternalUrl https://mail.mydomain.com/EWS/Exchange.asmx -BasicAuthentication:$true

After this, there should not be certificate mismatch.

Regards,
Ivan.
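
An added example, not part of the reply above or of the original thread: it extends the two checks shown there to every client-facing URL and compares each hostname with the names on the certificate enabled for IIS, and with what internal DNS returns for it. It assumes the Exchange 2010 Management Shell; the helper name Test-NameOnCert and the variables are the example's own, and it assumes the cmdlet properties convert to plain strings as shown.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2010 server.
# Names on the certificate(s) enabled for IIS.
$certNames = @(Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'IIS' } |
    ForEach-Object { $_.CertificateDomains } | ForEach-Object { "$_" })

# True when $HostName is on the certificate, exactly or through a wildcard entry.
function Test-NameOnCert([string]$HostName, [string[]]$Names) {
    foreach ($n in $Names) {
        if ($n -eq $HostName) { return $true }
        # A wildcard entry covers exactly one left-most label.
        if ($n.StartsWith('*.') -and $HostName.Contains('.') -and
            $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) {
            return $true
        }
    }
    return $false
}

# Every URL or hostname this server hands out to clients.
$targets = @()
$targets += Get-ClientAccessServer | ForEach-Object {
    New-Object PSObject -Property @{
        Source = "Autodiscover SCP on $($_.Name)"; Value = "$($_.AutoDiscoverServiceInternalUri)" } }
foreach ($cmd in 'Get-WebServicesVirtualDirectory', 'Get-OwaVirtualDirectory',
                 'Get-EcpVirtualDirectory', 'Get-OabVirtualDirectory',
                 'Get-ActiveSyncVirtualDirectory') {
    $targets += & $cmd | ForEach-Object {
        New-Object PSObject -Property @{ Source = "$($_.Identity)"; Value = "$($_.InternalUrl)" } }
}
$targets += Get-OutlookAnywhere | ForEach-Object {
    New-Object PSObject -Property @{ Source = "$($_.Identity)"; Value = "$($_.ExternalHostname)" } }

$report = foreach ($t in $targets) {
    if (-not $t -or -not $t.Value) { continue }   # nothing configured for this entry
    $name = if ($t.Value -match '://') { ([Uri]$t.Value).Host } else { $t.Value }
    try   { $ips = ([Net.Dns]::GetHostAddresses($name) | ForEach-Object { "$_" }) -join ', ' }
    catch { $ips = 'does not resolve' }
    New-Object PSObject -Property @{
        Source = $t.Source; HostName = $name; ResolvesTo = $ips
        OnCert = (Test-NameOnCert $name $certNames) }
}
$report | Format-Table Source, HostName, OnCert, ResolvesTo -AutoSize
```

Any row with OnCert False is a name that clients will see as a certificate mismatch; a row whose ResolvesTo shows a public address or "does not resolve" points at the internal DNS record discussed in this thread.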
PramoIT

ASKER
I've already set the Autodiscover and web service virtual directory to point the internal URL to mail.mydomain.com. That works fine.

The Outlook Anywhere internal hostname has to be changed. Why isn't the above command working?
Ivan

I don't think there is an InternalHostname switch in that command.

If you check the available parameters for that command, there is no InternalHostname switch.

https://technet.microsoft.com/en-us/library/bb124993(v=exchg.141).aspx

Regards,
PramoIT

ASKER
This link is not for Set-OutlookAnywhere, but for Enable-OutlookAnywhere.
I mean this: https://technet.microsoft.com/en-us/library/bb123545(v=exchg.150).aspx

But after looking further, I see this is for Exchange 2013. For Exchange 2010: https://technet.microsoft.com/en-us/library/bb123545(v=exchg.141).aspx

There is indeed no InternalHostname option for Set-OutlookAnywhere in 2010.

What else can we do? What you stated before has already been done except for the DNS part. DNS for the public zone is set up externally.
Shreedhar Ette

Hi,

Make sure that you have set the External Hostname to mail.mydomain.com as per the attached snapshot.
OA.PNG
ASKER CERTIFIED SOLUTION
Zacharia Kurian

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
PramoIT

ASKER
Hi Shreedhar, the external hostname for Outlook Anywhere is already set correctly.

Hi Zacharia, I've already read that article. I've run the tool and all the Exchange services already have the internal URLs pointing to the external names.

So that part is OK. Now the Outlook Anywhere part.

According to the article I have to run the following command to check whether I have to set Outlook Anywhere or not.

Get-OutlookAnywhere -Identity "HostName\Rpc (Default Web Site)" | fl InternalHostname, InternalClientsRequireSsl

The output of this command is nothing, empty, no text at all. See attached screenshot "screen1"

In "screen2" you can see the result of the command
Get-OutlookAnywhere -Identity "Hostname\Rpc (Default Web Site)"

Behind the blue color there is the internal hostname and/or local domain.
Behind the green color there is the external hostname mail.mydomain.com

In "screen3 certwarning" you can see the certificate warning. This warning can only be caused by the internal hostname of Outlook Anywhere. All the rest is set to external URLs, as you can see in "screen4" and "screen5".

One last thing, the certificate error only occurs on outlook clients that reside on the same network as the exchange server. External outlook clients don't get the certificate error.

Regards,
screen1.PNG
screen2.PNG
screen3-certwarning.PNG
screen4-outlooksettings.PNG
screen5-outlooksettings.PNG
Zacharia Kurian

Could you try running ExRCA and post the details?

Zac.
Zacharia Kurian

Just forgot about DNS. Have you set up DNS records to resolve the external domain names to the internal IP address?

For example;
your internal Exchange name "exsrv.abcd.local" points to 192.168.1.1
your public Exchange name is "email.abcd.com"
then add a DNS record for email.abcd.com pointing to 192.168.1.1, in your AD DNS.

Zac.
SOLUTION
PramoIT

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Zacharia Kurian

Would it be a big deal to recreate the profile for your users? How many users do you have?

Another workaround is to either use a wildcard SAN SSL or create an internal cert.

Zac.
PramoIT

ASKER
I think it's best to recreate the profiles.

What about the self signed certificate? In exchange you can just attach 1 certificate to iis. How would you do that?

Regards,
Zacharia Kurian

Forget about it (self signed). It was just a TYPO error

So if you can't afford a wild card cert, then go for the recreating the profile.

Zac.
PramoIT

ASKER
After doing all the necessary steps, the outlook profiles have to be recreated.